LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 05-07-2015, 06:54 AM   #1
Dannermax
LQ Newbie
 
Registered: Jun 2014
Posts: 26

Rep: Reputation: Disabled
How to block almost all outgoing traffic (except VPN) from a specific IP in my router


hi all.

I would like to know, how i block all outgoing internet traffic in my router, (exept VPN traffic) from my NAS. My Synology NAS is connected to a VPN service with OPENVPN. As far as i know, the VPN traffic is on port 1194.

So i have attached the configuration in my router below this message. The policy i have added in the picture, applies to only 192.168.1.52 (my NAS)

I want to achieve this, because sometimes the vpn tunnel fails, (and unloads the IP-Table package) and my real IP is exposed..So if i block it from my router, i am safe.

But i have run into an issue. I am also using a program called Flexget, which runs a script, many times a day. And i can see in its log file, that it cant do URL lookups. So i am guessing that i am blocking dns requests aswell? So how do I, let's say, allow VPN traffic, and googles DNS (8.8.8.8)? (and perhaps something else for it to function properly??)


You are probably thinking that i should ask in the forum of my router, but i already did. And they don't know how to solve such a.. technical problem
And you guys inhere know ALOT about networking...


Thanks for your time! Hope to hear from you
Attached Thumbnails
Click image for larger version

Name:	access-control.gif
Views:	68
Size:	38.8 KB
ID:	18389  
 
Old 05-07-2015, 11:55 AM   #2
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

Rep: Reputation: 194Reputation: 194
Have you tried THIS
 
Old 05-07-2015, 03:00 PM   #3
jefro
Moderator
 
Registered: Mar 2008
Posts: 22,023

Rep: Reputation: 3632Reputation: 3632Reputation: 3632Reputation: 3632Reputation: 3632Reputation: 3632Reputation: 3632Reputation: 3632Reputation: 3632Reputation: 3632Reputation: 3632
Some notes, not solutions.

You have two things that collide here. One is that you want a vpn and then want to move outside of it for dns. In a true vpn you can't allow that by default or shouldn't. It does expose the tunnel.

Yes, tunnels are hard to maintain. The more secure get the more impossible it is to get it to work across the internet.


Not sure exposing your IP is protected by your openvpn deal.


I might be tempted to run either a virtual machine router or get a new router inbetween that acts as your openvpn and have some sort of fail over or reboot.

I assume your isp (by normal issues) is more the cause of the vpn getting dropped. Maybe not.

Last edited by jefro; 05-07-2015 at 03:15 PM.
 
Old 05-09-2015, 02:05 PM   #4
Dannermax
LQ Newbie
 
Registered: Jun 2014
Posts: 26

Original Poster
Rep: Reputation: Disabled
Thanks for your reply guys... Gave me something to think about!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Block outgoing mail for specific users austin001 Linux - Server 2 02-27-2012 03:51 PM
Block Outgoing HTTP traffic joemon83 Linux - Security 7 05-21-2010 11:19 AM
Iptables/Guarddog - how to block specific outgoing packets craftybytes Linux - Security 7 05-19-2006 12:26 AM
Block outgoing traffic through router? Micro420 Linux - Networking 3 03-15-2005 07:01 AM
Blocking outgoing traffic from a specific port billy3 Linux - Security 10 09-24-2004 08:10 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 11:08 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration